How to hide cookies.txt from the Curl

Asked

Viewed 173 times

0

inserir a descrição da imagem aquiI have a php code that makes a request with Curl on a page, but it saves cookies in a cookies.txt text file, and anyone can have access to that file in a direct link "www.meusite.com.br/cookies.txt" I wonder how to hide this, because the security of my application will be at risk if someone finds this file.

1 answer

1


There are already a number of posts on the site about how to block an external client from accessing a file.

For example, if it is an Apache server:

/search?q=.htaccess+bloquear

Best thing would be to change the path where the file is saved by putting it out of the root of your hosting (for example, out of the directory httpdocs or equivalent):

curl_setopt( $curl_handle, CURLOPT_COOKIEJAR, caminho );
curl_setopt( $curl_handle, CURLOPT_COOKIEFILE, caminho );
  • CURLOPT_COOKIEFILE is the way where the cookies are stored and read during normal use.

  • CURLOPT_COOKIEJAR is the way where the cookies are stored after calling the Cleanup .

See the Curl options for PHP in the manual:

http://php.net/manual/en/function.curl-setopt.php

  • Thanks more seems to me that even so with a scanner it is possible to find this cookie file on my site

  • But I am passing this so you can put the files OUT of the site. I edited the post to make it clearer. If you just want to block the files, there are already answers on the site. If you are apache, just search for . htaccess

  • Thank you I will inform me more about :)

Browser other questions tagged

You are not signed in. Login or sign up in order to post.